Experts at AdGuard have suggested that the new phenomenon that has seen a couple of sites caught using website visitor’s CPU power to mine cryptocurrency, may in fact be a bigger issue than first believed.
First there was illegal torrent site, The Pirate Bay, that was shown to be secretly mining Monero through Javascript; a way for them to increase their revenue separate from advertising. Then it was online streaming site, ShowTime, that also exhibited the same Javascript.
However, the pirate mining pandemic seems to be much larger as AdGuard have suggested that over 220 sites are actively, and mostly secretly, doing it, affecting over half-a-billion users a month.
Solving math problems
Many of these sites, especially the ones that have come forward and admitted that they are using users’ CPU power to mine cryptocurrency, are using things like CoinHive and JSEcoin.
These scripts work in their browsers to verify blockchain transactions, which tend to require significant computational resources. In the last three weeks, AdGuard estimated that the people behind these schemes have made approximately $43,000.
The likes of CoinHive have expressed their dissatisfaction with the secretive nature that many sites have gone about things when it has come to using their script. In fact, many responded to The Pirate Bay, after they came clean, saying they don’t mind, as long as they can give consent.
Coinhive publicly asked those using its script to adopt a permission-based model, but it may be impossible to make such requests compulsory. Although this mining is not as malicious as infecting users with Malware, it still puts additional strain and wear-and-tear on people's’ CPUs.
Surprising for the operators
Because cryptocurrencies are such a hot commodity, the rush to get hands on them has seen many different and diverse methods crop up.
In fact, the purposeful implementation of scripts is not even the only way that Pirate miners are profiting.
PolitiFact, a fact-checking website, was running a script to mine cryptocurrency but has since removed it. The site is now conducting an investigation into the script’s origins.